Ephemeral Peripheral Device

ABSTRACT

An ephemeral peripheral system includes an ephemeral memory system and controller circuit for securing user data for a smartphone application. Different secure operating modes are provided for customizing user security requirements across end-to-end communications links, including in exchanges of electronic data between smartphone devices.

RELATED APPLICATION DATA

The present application claims priority to and is a continuation of Ser.No. 15/141,567, which is a continuation-in-part of Ser. No. 14/865,971filed Sep. 25, 2015 (now U.S. Pat. No. 10,115,467), which '971application in turn claims the benefit under 35 U.S.C. 119(e) of thepriority date of Provisional Application Ser. No. 62/057,856 filed Sep.30, 2014. This application is also related to application Ser. No.15/141,230 filed on the same date as the '567 application and assignedattorney docket no. JONK 2015-2CIP1. All of the above applications arehereby incorporated by reference.

FIELD OF THE INVENTION

The present invention relates to devices which are useable as ephemeralperipherals/memories. The invention has particular applicability tosmartphone and other portable applications where is it desirable totreat and secure communications data using separate dedicatedperipherals.

BACKGROUND

Conventional nonvolatile memory cells, such as OTP, EPROM, flash memory,or even PCM, are designed and in fact usually optimized to retain theirdata not only at ambient storage condition, but also during other deviceoperations, including at data accessing conditions. That is, a readoperation, or a data accessing operation, is typically performed undervery benign biasing conditions to avoid any inadvertent change to thestored data. For example, in a typical floating gate nonvolatile memorycell, typically electrons that have been injected unto the floating gate(from a channel created between a source and drain region of the cell)are used as the stored data. The presence or absence of electrons on thefloating gate defines a logic value corresponding to either a “1” stateor a “0” state, or vice versa.

The cells are engineered so that these electrons are retained on thefloating gate during either the idle/quiescent storage conditions orduring the read operations. Read operations implemented by conventionalflash memory controllers are designed such that no additional electronsare either injected unto the floating gate, or taken out of the floatinggate. This way, the integrity of the stored data is preserved with dataaccessing operations. See e.g., US Publication No 2013/0346805incorporated by reference herein. This feature of “access”non-volatility is highly desirable in applications where the samestorage data is accessed many times, such as the case of stored programcodes or other frequently accessed data which is not intended to bechanged. However, there is a need in the art for memory devices that canservice other applications in which continued access to data is notnecessary, or in fact, is undesirable.

Recently problems have also arisen in connection with users desiring tomaintain better privacy over the content of their communications onsmartphones, including images, text messages, etc. While some securityis offered by convention passwords, encryption, etc., these techniquesalone are still vulnerable to hacking and reverse engineering. To datethere are few if any truly secure tools for effectuating the type oftransient, ephemeral behavior found in oral conversations to electroniccommunications.

SUMMARY OF THE INVENTION

An object of the present invention, therefore, is to overcome theaforementioned limitations and conventions of the prior art.

A first aspect covers a non-volatile memory cell device (which can befloating gate based device) stores a logic state based on a value of acharge physically present in a memory cell, such that a first amount ofcharge represents a first logical value, and a second amount of chargerepresents a second logical value.

A hybrid read operation implemented on the device (preferably a singleintegrated circuit) is configured to effectuate, either simultaneouslyor through a two-step process, both: i) a read of the stored memory celllogic state during a first phase; and ii) an erase of the stored memorycell logic state during an immediately subsequent second phase.

A programmable onboard controller effectuates the bias conditionsnecessary for the hybrid or modified read operation. Aspects of theinvention therefore are directed to both the circuits and methods thatbring about the new type of read operation. In some embodiments phasechange materials based cells can be used as well for a memory array.

In another aspect, an ephemeral memory device is adapted to be coupledto and store selected data from one or more applications executing on afirst separate host computing device. The device generally comprises aninterface circuit adapted to exchange ephemerally designated databetween the ephemeral memory device and the first separate hostcomputing device;

an ephemeral memory circuit adapted to store ephemerally designateddata; a controller circuit coupled to the interface circuit and theephemeral memory, and being adapted to process and enforce ephemeralparameters for data specified by the one or more applications on thefirst separate host computing device. The ephemeral parameters caninclude instructions for example specifying a one time access readoperation on ephemerally designated data for the one or moreapplications. A one time access read operation performed by thecontroller circuit is implemented through a hybrid memory operation thatsimultaneously reads and physically and permanently erases theephemerally designated data on said ephemeral memory circuit, preferablyusing the previously described OTA cell. In this manner, the ephemeralmemory device imparts ephemeral behavior to selected data (preferably ofthe user's choosing) received by a first separate host computing device.In instances where onboard ephemeral memory is available, it may be usedin addition to or in lieu of a peripheral.

Yet other aspects cover a host computing device that is configured tocooperate with an ephemeral peripheral, and implement a secure proxy forcommunications data.

Other aspect are directed to effectuating secure, ephemeralcommunications links end to end between wireless devices so that userscan exchange multimedia data more securely and with fewer concerns ofloss or intrusion over their data.

It will be understood from the Detailed Description that the inventionscan be implemented in a multitude of different embodiments. Furthermore,it will be readily appreciated by skilled artisans that such differentembodiments will likely include only one or more of the aforementionedobjects of the present inventions. Thus, the absence of one or more ofsuch characteristics in any particular embodiment should not beconstrued as limiting the scope of the present inventions. Whiledescribed in the context of a non-volatile memory device, it will beapparent to those skilled in the art that the present teachings could beused in any number of related applications.

DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts a cell array with a selected cell highlighted in apreferred embodiment of a non-volatile memory device of the presentinvention;

FIG. 2A shows a preferred Vt of a programmed cell as a function of readtime in a preferred embodiment of a non-volatile memory device of thepresent invention;

FIG. 2B shows a preferred Vt of an unprogrammed cell as a function ofread time in a preferred embodiment of a non-volatile memory device ofthe present invention;

FIG. 3 illustrates a timing diagram of biasing applied during apreferred read operation embodiment of the present invention;

FIG. 4 is a block diagram of a preferred structure of an ephemeralsystem that includes an ephemeral based host communications device andephemeral memory peripheral;

FIG. 5 depicts a preferred process used by smart devices that include(or can be docked with) an OTA memory.

DETAILED DESCRIPTION

The inventors posit a new type of data storage device and accessoperation, in which data in a memory cell is (effectively) ensured to beerased after it is read, to prevent further access to the original data.As noted below, the inventors believe that there are many new and recent(as well as future) applications where it is desirable (or evennecessary) to allow the cell/device data only to be accessed once, andthereafter the data be made no longer available after a first (and only)one time access (OTA) operation is performed. Example applications wherean OTA feature is useful include pay-per-view music or movie data, OTAtokens, and other one-time use applications, including facilitytemporary access applications (single access authorization cards, passcoded tickets, pass coded electronic keys, etc.) secure communications(disappearing email, photos, etc.) certain types of data caches,receive/transmit data buffers, etc. Military and security applicationswhich require periodic data sanitizing are also potential applications.Accordingly the invention(s) address a clear long-felt need leftunsolved in the prior art, and enables solutions for new types ofapplications as well.

One method of achieving this one time access feature is through issuingand performing a new hybrid command, preferably with an onboard memorycontroller, to erase or re-set the stored data on the memory cells,substantially immediately right after or subsequent to a read operation.In other words, the memory controller is configured to implement a novelhybrid read command, which includes a separate conventional eraseoperation performed right after a conventional read operation on thedata in question during a second access of the cell. This can beeffectuated by a simple modification of the array read/write/erasecontroller firmware implemented in the memory controller.

This first type of One-Time access implementation can work well inapplications which do not require an extremely high level of security,and when there is reasonable certainty that the firmware program will beexecuted properly and completely. In this first embodiment, there is noguaranteed mechanism however to ensure that the erase command isactually carried out after the read operation, since it is conceivablethat the erase command can be interrupted right after accessing the dataso that it is not carried out completely. For example a power failure orother electrical glitch could interfere with the follow up eraseoperation. Accordingly, it is possible that the data is still retainedand available on the memory cells, thus making it possible for furtherundesirable access of the data. Even such residual data, however, can beaddressed through conventional data sanitizing operations known in theart.

A second embodiment discussed at length herein addresses reading thecontent of stored data in a nonvolatile memory cell such that thereading or accessing operation itself is modified so that it inherentlycauses the data to be removed or erased as well, in a form of integratedoperation.

In other words, the memory controller is configured to implement asecond type of novel hybrid read command, which includes a new type ofoperation in which charge is both read and removed during a singleaccess cycle/period. As with the first embodiment, this can beeffectuated by a simple modification of the array read/write/erasecontroller firmware implemented in the memory controller. Since it isextremely difficult to interfere with firmware level operations duringthis single access, the second embodiment's hybrid “erase as part ofread” command should be extremely secure.

This second approach ensures that the data can only be accessed oncefrom the systems. Furthermore this method can be applied in differenttypes of Nonvolatile memory, including floating gate storage cells andPhase Change Memory cells.

The concept of a destructive-read command implemented herein hinges ontransforming a read command so that—in addition to a read operation—itis also effectuates an operation that erases data (or re-programs themeffectively to an initial unprogrammed Vt state) stored in thenonvolatile memory cell. The main feature of the present disclosuretherefore is to take advantage of operations previously known toselectively place electrons on the cell, and convert them effectivelyinto an erase operation.

So as to be consistent and reliable like prior read methods, however, adestructive read operation should similarly only remove stored data oncells that are selected for reading. That is, there should be noread-disturb on non-selected cells during the destructive read accessoperation. Otherwise the data on cells that are yet to be accessed, butsharing the same bitlines or wordlines could also be erased. In thepresent case, by using channel hot electron injection, which is a morebit-specific process, an erase can be implemented that does notsubstantially or adversely affect a logic state of adjoining cells. Thisconcept should be applicable to many of the most common types ofnonvolatile memory cells, and this invention will use the examples ofboth floating gate memory cells and the Phase Change Memory cells.

In a preferred embodiment of implementing this innovation with aconventional floating gate flash memory cell, one can define a high Vtstate, or state with injected electrons on the floating gate to be alogical erased or reset state. A cell with low Vt or UV Vt can beconsidered as a logical programmed state.

A bulk erase operation is done with a programmed memory controller byapplying a high voltage on the control gate of all cells with theirassociated source, drain regions, and substrate all held at 0V. Undersuch conditions a cell's threshold voltage will be raised to greaterthan a certain voltage level, for example greater than 3.5V. This highVt state represents an erased state, or a logical “0” state. It will beunderstood that other values will be useful or necessary in otherapplications, and depending on the cell/array design.

A programming operation is done with the programmed memory controller byapplying a voltage of −5V on a selected wordline and a voltage of 5V ona selected bit line to facilitate removal of electrons on the floatinggate of the selected cell to bring the Vt down to somewhere preferablybelow 2.0V. This low Vt state represents a programmed state, or alogical “1” state. It will be understood of course that other techniquesare possible for bulk erase and program, and will vary according to thespecific cell implementation.

During the improved “destructive” read operation of the presentdisclosure, bias conditions are selected and imposed by a memorycontroller to favor a fast injection of additional channel hot electronsto bring a cell to a Vt greater than 3.5V immediately after a read,regardless of an initial threshold voltage on the cell. The two phasesof this new read operation are illustrated in FIG. 3, which identifies atypical floating gate based cell 100 with control gate, floating gate,source/drain regions and a channel. A memory controller circuit 120implements the biasing conditions for the cell as set out herein. Asnoted above, because CHEI is mostly bit-specific, it affords an erase ofindividual cells without disturbing other adjacent cells (FIG. 1).

Thus as seen in FIG. 3 a novel preferred read operation implemented bycontrol circuit 120 preferably places a control gate voltage of 6V and adrain voltage of 5V on the selected cell, with the source and thesubstrate biased at 0V during a first phase (T_(R)). As is known, a cellmay be in a programmed (single or multi-level bit) or unprogrammedstate. For a cell that is originally in a programmed state, or a low Vtstate, the cell initially has a large amount of drain current when it isread (to detect a logical 1 (or other multi-level) value), and almostright away electrons are injected by the control circuit 120 unto thefloating gate (during a second phase T_(E)), causing the current to dropalmost instantaneously. Conversely, during the read operation a cellthat initially has a high Vt (an unprogrammed cell) would not see ordemonstrate such drastic reduction (or change) in the drain currentsince the cell already has injected electrons from the previous eraseoperation, and does not conduct very much drain current in the firstphase. The result is an integrated read instruction-command in whichboth a read and an erase (or re-program to an initialized state)operation are achieved during a single period of access/addressing thecell.

The original stored data on the cell can be sensed during a first phaseof the integrated operation in at least one of two ways, either by: 1)integrating a total charge flowing through the cell during an entireerase cycle (i.e., the total charge flowing through a logic “0” bit willbe significantly different than that flowing through a logic “1” (ormulti-level) bit during the access and can be easily measured); and/or2) detecting how a total change in drain current occurs as a function oftime (i.e., the current flowing through the cell should changedramatically for a logic “1” bit vs a logic “0” bit). The second sensingmethod can be implemented in a conventional differential-pair sensingscheme (not shown) in which the current of the selected cell is comparedwith an erased referenced cell, and the initial difference in currentcan be latched and read as a valid data, prior to the selected cellbeing erased. Regardless of an initial stored data value, or cell'sthreshold voltage, in this fashion, once a cell is accessed, all suchcells are set to a high Vt level, or at an erased level during a secondphase. Both sensing techniques are possible and it will be understoodthat the particular implementation will vary according to system, speedrequirements. This permits the data to be reset during the process ofaccessing the data. Accordingly, in preferred embodiments, once a cellis read, the original data is destroyed, and the state of the cell isthereafter at an erased state (until re-programmed of course).

Since the read operation is done under bias conditions that bring abouttraditional channel hot electron injection mode, the effects on thedevice are well known and should be minimal. This implementationachieves a Nonvolatile memory array that is durable, has a reasonablygood data retention lifetime during ambient storage, and offerswrite/program with only One-Time-Accessibility.

Table 1 below illustrates preferred bias conditions imposed on the cellsin a typical memory array during various operations by control circuit120, for both selected and unselected cells. It should be noted that theregular erase operation referenced below is done in bulk, or by blocks,while the reading and programming operations are preferably done on theselected bytes or bits. The various bias voltages, timings for thevarious phases, etc., are implemented by a controller circuit 120 whichcan be configured using conventional techniques to effectuate thenecessary signals for the memory access commands. While the example isgiven for a single logic level cell, it will be understood that otherbias conditions and cell types may be used to implement multi-levelvalues.

TABLE 1 Selected Unselected Selected Unselected Operation Drain DrainGate Gate Source Substrate Erase 0 V 0 V 10 V 10 V  0 V 0 V Program 5 V0 V −5 V 0 V 0 V 0 V Read 5 V 0 V 6.0 V  0 V 0 V 0 V

In terms of characterizing the cell behavior as a function of a read oraccessing operation, we illustrate the characteristics of the cells as afunction of the reading time on the cell to demonstrate the operation ofthe preferred embodiments. FIG. 1 illustrates the memory cells in a NORarray configuration, with the selected cell being the cell addressed byWL1 and BL1, in accordance with Table 1. Again, because CHEI is used toerase the cells after they are read, secondary disturbs should beminimal on other adjacent cells.

FIG. 2A shows the Vt of a programmed cell at low Vt state, or a “1”state, as a function of the access time when the read voltages areapplied on this cell. It is seen that the initial low Vt of the cell(i.e., below about 2v in this instance) is detected at the beginning orfirst phase of a read/accessing operation. During this time the data issensed and its logical value (1, 0) preferably determined by aconventional sensing circuit techniques, which may include the use ofdifferential pair sensing circuitry, as mentioned above. As the readingor accessing operation continues to a second phase, during whichsignificant channel hot electrons have been injected, and the initial Vtof the cell starts to move to a higher Vt due to the injection of thechannel hot electrons unto the floating gate.

At end of approximately 10 us (microsecond) (actual results will varyaccording to particular implementations and can be determined throughroutine experimentation or simulation), the cell Vt has already moved toa higher Vt than an erased Vt, or a logical “0” state Vt. Thus the cellis effectively erased during a single access which includes the readingoperation. It should be noted that as long as the sensing circuit candetect a significant amount of (or change in) current within the firstphase of the read operation—in this example, about 10 ns(nanosecond)—the state of the cell can be correctly read and determinedto be a “1” state (or a multi-level state in some instances).

Note in some implementations (as alluded to above) the “erase” phase ofthe read can proceed independently in the background (during a secondaccess) after the cell is read, so that access speed is not undulycompromised. Furthermore from a housekeeping—operational complexityperspective embodiments of the invention offer other unique advantages.For example since all cells are effectively kept or maintained at anerased state, regardless of their original underlying data, a programoperation does not have to be preceded with an erase operation as isrequired in some implementations. In addition from a device wear andleveling perspective, a greater population of cells are maintained in acommon and predictable erased state which should improve devicelongevity.

FIG. 2B shows the Vt of an already erased cell (logical 0 state) that isbeing read or accessed by memory control circuit 120. As is observedfrom the figure, the cell continues to increase slightly in Vt, makingit more robust in the erased state, or the “0” state. Through theduration of the reading operation, the state of the cell is determinedto be a “0” state cell.

In this implementation of accessing the content of the memory cellarray, the stored “0” data of the cell is again sensed correctly in theinitial first phase portion of the read time (first 10 ns), as can beseen by the fact that the drain current is small to begin with, and doesnot change significantly—in contrast to a cell with an initial logical 1state. Thereafter the memory cell is placed again) into an erased state,or the “0” state, regardless of the initial content of the memory cells.

Therefore in both cases, regardless of an initial cell state, a one timeaccessibility is achieved in the second embodiment during a singleaccess since the content of the cell is always destroyed and reset to anerased state during any read operation on the cell. This approach canhelp solve at least one significant problem now in the art, namely, thefact that mobile phone apps (e.g. Snapchat, Cyberdust) that purport todelete user texts, images, etc., do not actually physically orpermanently delete such data. Rather, they remove pointers to such data,or rename the files in question to make them less discoverable at alogical/software layer level. Moreover embodiments of the inventionstill retain data after power is removed/lost, and are thus superior toany prior art DRAM based techniques that may mimic such functionality.It will be understood that the invention is also compatible with and canbe used with encrypted messages/data as well.

In some embodiments it may be desirable to couple the read data from thearray into a separate conventional memory (which also may be NVM) buffer(not shown) of a predetermined size. That way, in the event of aninadvertent disruption or failure in the read/access process for arelative large file (which normally require a re-read of the data) themost recent data (whose size can be configured for a particularapplication) can still be reliably read by an external circuit, device,etc. For example in a movie context, a few minutes of content may bebuffered, while for music applications a few seconds, and so on.

A preferred embodiment of an ephemeral system that includes a mobiledevice 400 (which may a smartphone or other mobile computing device) andephemeral memory 410 which incorporates the memory innovations describedabove is shown in FIGS. 4 and 5. A graphical depiction of such devicesis also shown in FIG. 4. A second smartphone 400′ operated by a seconduser communicates to device 400 through a server and/or other wirelesscommunications network 490. Device 490 also may be optionally configuredwith ephemeral memories such as described herein to further improve datasecurity/privacy through one time access. This enables end to end OTAbehavior as explained further below.

A smartphone 400 includes an operating system 405 (such as iOS orAndroid) embedded in a secure persistent or non-volatile memory (such asa ROM, EPROM, etc.) for controlling interaction with a user andcontrolling I/O operations. In some embodiments device 400 may alsoinclude an ephemeral memory such as described above as part of the NVMmemory. The device 400 also preferably includes typical additionalcomponents such as an interface 420, which in some applications includesa micro USB or similar high speed data port. This port can be used tocouple additional peripherals to mobile device 400, including so-calledflash drives known in the art.

In the present embodiments, in the absence of (or in addition to)existing ephemeral memory on device 400, a micro USB ephemeral flashdrive 410 is preferably used to effectuate the goals noted above,namely, a portable one time access persistent, non-volatile memory. Itwill be understood of course that other form factors may be usedaccording to size, interface, etc. offered by a host device 400. Device410 may also be implemented as a local cache in accordance with theteachings of U.S. Pat. No. 9,300,719 (incorporated by reference herein)in which a local cache is configured (see device 185 FIG. 1A) to storedata for a mobile device.

A flash drive interface circuit 412 known in the art transfers usermultimedia data (including for example text, images, videos, audio,etc.) to/from mobile device 400 in accordance with a known UniversalSerial Bus (USB) protocol. Device 410 also includes both an ephemeralmemory controller 414 and an ephemeral memory 416, both of which weredescribed earlier above in connection with FIG. 1. From the perspectiveof mobile device 400, device 410 preferably appears as a conventionalflash device.

Mobile device 400 also includes conventional non-volatile memory 430,typically in the form of Flash or similar EPROM devices for long term,and in which device data 434 and code 432 are stored in conventionalfashion. The data 434 here is retained after power is removed from thedevice, and may include items such as email, text messages, cameraimages, video, audio files, etc. that a user has created or received.Code 432 may include both native operating system programs, routines, aswell as user applications (or “apps”) configured to run on device 400,which may be an iOS or Android based smartphone. The apps may includeutilities (email, calendar, notes, camera) as well as games and thelike, all of which may create their own data stored in permanent form inmemory 430 (until erased). As further noted herein, NVM memory 430 mayalso include ephemeral memory if so integrated by a device manufacturer.

In most applications, code is executed from a separate transitory RAMmemory 440 (DRAM, SRAM or some combination) along with accompanying userdata. DRAM (or SRAM) 440 is preferably a different transient type ofmemory than NVM 430, and requires refresh and/or continuous power (froma batter or other source) to maintain a data state. SRAMs are usuallyemployed to cache frequently used data or code since it is much fasterthan DRAM. Typically new programs or apps are loaded from NVM 430 toDRAM/SRAM 440 when they are required and reside there until removed.

A specialized processor 450 (which may be in the form of an ASIC orgeneral purpose microprocessor programmed with specific code) controlsoverall operation of device 400 through specialized firmware and othersecure boot routines stored in NVM 430. The processor (or supportingco-processor) also executes the OS, peripheral firmware, native routinesand user optional selectable routines in the form of applicationscommonly known as “apps.” Such apps can be downloaded from a number ofonline sites, including through dedicated online “app” stores operatedby large companies such as Apple, Google, etc. In other instances theymay be loaded directly already on a host device 400 or ephemeral device416. In any event, the code associated with such apps is embodied innon-transitory, computer readable medium form to be executed by aprocessor and related support circuits.

User input/output is preferably provided through customized keyboards,buttons, touch based interactive screens, displays, etc., managed bycircuits 460. Other modalities are expected to be implemented in futuregenerations of wireless communications devices. I/O data from suchinteractions is stored in structures such as buffer 444 where it can beused for operations.

Device 400 preferably includes other wireless data based circuits 480for preferably communicating wireless data (including through WiFi andcellular network based packet based protocols including but not limitedto available wireless industry standards such as CDMA, LTE, etc.)through different types of channels to a second device 400′ (which maybe a mobile system or other computing device), including voice and textbased to a server and/or wireless network computing system 490. Circuit480 thus preferably includes support for packet switched networks.Additional protocols for IP based communications can be employed as well(such as IEEE 802.xx.y, Bluetooth, etc.) to support Wireless local areanetwork (WLAN) channels. In applications where ephemeral treatment isspecified for data at a packet level, these circuits can also includefirmware capability for coding and decoding headers for ephemeralpackets as identified in Table 2 below. While not currently employed itis contemplated by the inventors that ephemeral treatment may beintegrated at the packet level within industry protocols at a laterdate.

Sensor/capture circuits 470 preferably include functions such asmicrophones, motion detectors, attitude detection, cameras, location(GPS) and similar well-known devices. Any and all of these circuits maycreate useful user data for user applications, utilities, games, etc.

It will be understood that FIG. 4 is a simplified diagram intended toelucidate the key features of the invention(s), and that the componentsof any particular smart mobile device will typically include otherfeatures (not shown) and vary according to user specifications,requirements, etc. For example, the device may include its own powersource (battery, etc.). Additional functionality and circuitry isexpected to be included in such smartphones in the future by skilledartisans as integration of capabilities through additional sensors andimproved processing capability becomes more widespread.

One main aspect of the device 400 of the present invention isthat—depending on the storage operating mode—some or all data for a filereceived or transmitted by device 400 can be (optionally) managed by anephemeral memory app running in part of RAM 440 which stores Tx/Rx anduser data temporarily in buffer 444, typically part of a DRAM. Any suchdata for a file, which would otherwise be stored in a conventionaldevice NVM 430, is instead preferably stored in ephemeral storage 416(and/or, as noted earlier in ephemeral storage onboard the device 400).In other instances, as described below, a native operating system andprocessor on a smart device may include direct address/access to allowdirect read/write operations to persistent ephemeral memory, bypassingan onboard DRAM entirely.

Any number of device applications can be coded with routine skill usingstandard development tools for the device in question to effectuate suchcompliance. For example, a text messaging app 442 (which may be obtainedfrom an online store as noted earlier) executing in memory can bufferand intermediate all or portions of received messages from a text basedchannel to ensure that they are stored and read from ephemeral memory416 and thus physically destroyed after reading. This app may also codeand decode ephemeral headers for individual packets. Image and textfiles shared by another user may be received, buffered, read anddestroyed in the same fashion. Video/audio files from a content website(not shown) may be downloaded and read in the same manner for one-timeplay.

Accordingly the invention is not limited by the type of data to bestored and/or perceived by the user. Rather, the intent and effect ofthe disclosed embodiments is to impart similar ephemeral qualities andcharacteristics to electronic data items (including as might be neededat different granular logical levels) as that which naturally occurswhen two human users interact by spoken dialogue in a personalconversation. In the latter context, of course, the spoken utterance byeach user, in the absence of recordation, leaves no permanent trace thatcan be accessed or exploited by third parties. Thus the presentembodiments address concerns and problems peculiar to and rooted incomputer technology.

Smartphone 400 therefore preferably includes one or more secureephemeral apps (described further below) running as code 442 in anoperating RAM 440. The secure app preferably manages data storagedecisions and options on smartphone 400 so that user and/or systemselected data can be offloaded on and retrieved from Micro USB EphemeralFlash Drive 410 (or onboard ephemeral memory). For example, secure code442 preferably implements a secure text messaging routine that permits auser of smartphone 400 to communicate with another user (not shown)through port 480 and exchange multimedia data such as text/images. Thelatter user data preferably passes through device 400 and is stored onMicro USB Ephemeral Flash Drive 410, and (preferably) not in a permanentmemory 430 of the smartphone 400 (unless the latter again has nativeephemeral memory). In a preferred approach, secure code 442 implements asecure application (“app”) that includes various mode capabilities sothat user data created or communicated by or through device 400 is notstored in non-ephemeral portions of any permanent memory 430. Inaddition such app may both code and decode ephemeral headers as they areembodied at the packet level, file level, etc., and performsteganographic coding/decoding as well. It will be understood thatsecure code 442 may directly implement any number of useful user/systemfunctions or features depending on target goals and requirements.

In other embodiments secure code 442 may simply be a more basicprocedure that is called by other system routines and/or user apps onlyfor data storage operations. In other words, a separate standalone textapplication (such as iMessage, Whatsapp, etc.) may call code 442 as partof data storage/retrieval operations to ensure the OTA aspects notedabove. From the perspective of such other apps, the operations ofstoring and retrieving data are completely transparent as they do notdirectly access ephemeral drive 410, but they are assured of ephemeraltreatment of their respective data.

In still yet other embodiments it will be apparent that any of thefunctional apps and utilities (camera, email, text, etc.) on device 400may in fact directly address, store and access data selectively throughconventional user configuration options to Micro USB Ephemeral FlashDrive 410 (or onboard ephemeral storage). For example, in a typical userconfiguration option in smartphone settings, a user can preferably optto have received and transmitted data routed exclusively through MicroUSB Ephemeral Flash Drive 410 (or onboard ephemeral memory) to ensureephemeral behavior.

Micro USB Ephemeral Flash Drive 410 preferably includes a flash driveinterface 412 for exchanging data/control signals with device 400, aswell as the basic ephemeral OTA components noted earlier, including anephemeral memory controller 414 and accompanying ephemeral OTA memory416. In some applications an optional additional communications chip 418can be employed to permit a direct secondary communications channel toserver/wireless network 490. This chip may support any and all short andlong range communications protocols (including WiFi, Bluetooth, andmodes normally supported by a smartphone) known in the art now (or laterdeveloped) to permit direct reception of ephemerally designated data.This chip may further include capability for encoding and decodingephemeral packet headers in accordance with the guidelines of Table 2below. These devices are preferably one or more integrated circuitsconfigured in similar fashion to that described above in connection withFIGS. 1, 2A, 2B and 3.

The combination of a variable sized external flash drive 410 form factorand diverse accompanying ephemeral apps running on smartphone 400permits a number of flexible configurations in addition to or in lieu ofonboard ephemeral memory. Smaller capacities for drive 410 may be usedfor simple applications such as email, text, etc. Larger capacities maybe used for more data intensive applications such as videos, movies,music files, etc. Users can reuse such media to consume multimediacontent for pay-per-view type applications, including movies. Vendorsmay provide physical kiosks at locations such as supermarkets to permitusers to directly download OTA content to their respective media througha docking station. Other combinations will be apparent to skilledartisans from the present teachings.

To avoid potential data breaches, device 410 is preferably tethered todevice 400 so that it is not readable by others if it is lost, stolen,etc. Secure electronic tethering is known in the art, and can beimplemented in the present embodiments automatically by a firmwareroutine within device 410, which detects a unique device ID for device400 and thereafter only allows accesses from such device. The uniquedevice ID (encrypted or otherwise) is preferably stored in a securenon-volatile boot memory (such as a one time programmable (OTP)) so thatit can only be written once and never modified. In still otherinstances, device 410 identifies a mismatch between a paired device IDand a device connected through interface 420 prior to initiating accessto ephemeral memory 416. In the event of a mismatch device 410preferably implements a self-erase procedure (or similar routine) todelete any and all content thereon. In still other variants, such aswhen device 410 includes communications capability, such peripheral canbe remotely wiped, again using techniques similar to those employed byother secure services, such as iCloud™ Findmyphone™ and others. In thismanner the potential misuse of peripheral device 410 by another user canbe minimized.

Some embodiments of the invention therefore effectuate a securetechnical bridge for users to extend conventional streaming (andprogressive downloading) of multimedia, which may be restricted as partof digital rights management, and can only be achieved with a reasonablebroadband connection. For example some websites or applications may onlysupport direct streaming and not storage of multimedia data on a remotedevice due to content restrictions from a vendor. While this can becircumvented by some known streaming recorders, the present inventionallows media vendors to achieve the same result but in an authorizedmode. That is, a vendor can extend the reach of their data to users andpermit it to be consumed in non-streaming modes, as they canenforce/ensure playback through a decoder or plugin, and be reasonablyassured that their data is secure because after such event it is nolonger accessible after it is consumed. In some instances, a directdownload option may be available if the vendor is satisfied of one-timeplayback of the media item. In other instances a vendor maypermit/support direct ephemeral recording of a stream (which is alreadyperformed by some set top boxes such as Hauppage, and software such asApowersoft, Movavi, Gizmo) to an authorized OTA based receiver to mimica conventional streaming recording system.

As noted above, the ephemeral memory controller is preferably configuredso that the actual data items (not merely keys, file pointers or otherlogical indexes) are physically destroyed. In this manner the user'sdata is completely irretrievably removed. It will be understood,however, that some embodiments may simply store an encryption key orother file directory/lookup information in ephemeral form to logicallyor virtually “delete” the data. In such instances the data mayphysically remain in storage, but become effectively unreadable as itcannot be retrieved using conventional software routines.

FIG. 5 depicts a preferred process used by smart devices that include(or can be docked with) an OTA memory. A request for a secure datasession (or treatment of a particular data item) is initiated at step505, which, as seen in FIG. 5, may originate from outside a host 500environment. For example a separate device 400′ (FIG. 4) may initiate anephemeral communications session as a condition of sending a textmessage, a picture/graphical image, audio recording, video recording,etc. Conversely, device 400 may perform such operation attendant tosetting up a session with device 400′ for the same purpose.

In other instances a designation of ephemeral treatment is designated onan item by item basis by the sender from device 400.′ For example asender may tag a particular image within a communications app to betreated as ephemeral data. In other applications, each individualcommunicated packet may be configured to include an ephemeral headerdefining its treatment. Accordingly a spectrum of treatments are enableddepending on the granular control specified by the participants in acommunication.

In some applications, as noted earlier, an onboard communications IC 418for the ephemeral storage device 410 permits direct initiation of securedata sessions with independent capability. This allows ephemeralidentified data between devices 400/400′ to flow primarily though OTAmemory and without implicating other onboard storage.

In still other instances, a secure session is initiated automatically inresponse to a docking event between device 400 and device 410, signalinga user's request to employ the features of an ephemeral memory. Thisdocking is preferably detected by hardware within interfaces 412/420 totrigger operation of an OTA mode in the device.

At such point smartphone 500 (or some other form of host computer)preferably invokes (including through user action) an ephemeral storageapp at step 510, which may be a standalone secure app with additionalfunctionality as described herein (see app 442 FIG. 4), or a call to (orpart of) a routine (from another app) to perform data storage/retrievaloperations to an ephemeral memory in an operation 540. In the latterinstance, other third party apps can enable and employ ephemeralcapability attendant to their normal I/O operations as well. Forexample, a user of an app originated and controlled by Facebook™ canaccess and use an ephemeral memory (either onboard device 400 orseparate peripheral 410) for videos received from other social mediamembers. Such app can also create and append ephemeral headers (asspecified below) to files and packets using known techniques. In yetother embodiments a secure application may be integrated directly intoan operating system as a library routine, or other accessible systemroutine, and be integrated into or called by such program. In suchinstance it can be invoked in a manner similar to any other availableroutine embedded on device 400.

At step 520, the smartphone also preferably permits a user to configurethe device to operate in different secure modes, including withdifferent levels of data treatment/security. At a first level or as afirst parameter, a user can specify whether or not an ephemeral modeshould be enabled in the device, and, if so, what type of ephemeraltreatment: destructive read, or erase after read, slow/fade erase (seebelow) and so on. As a second parameter, a user can specify a scope ofthe OTA operation across different applications within device 400, usingdifferent OTA modes.

For example, in a first OTA mode, only data used by a specific ephemeralOTA app (and its related functions, such as texting, images, etc.) aresubjected to OTA treatment. Preferably, any and all data passing throughsuch app 442 (including both received and transmitted data) is storedexclusively in ephemeral OTA memory 416 (FIG. 4) at step 540, with onlysmaller data buffers 444 used in DRAM for temporary storage of data. Thebuffers may be varied and appropriately sized using conventionaltechniques to accommodate the bandwidth of the application which theyserve. For example a communications app receiving user text and staticimage data at step 530 (from a second device 400′ through network 490)may use a much smaller buffer than an application that is receivingvideo to be played back at a later time.

For some applications, received data from device 400′ (FIG. 4) mayfurther expressly include an ephemeral tag associated with such datathat is specified by a remote user as noted above. This tag (at the filelevel or packet level) is then read and observed—respected by secure app442 as part of a communications session. As alluded to above, secure app442 also performs the reverse operation of encoding an ephemeral headeron the transmit side.

To increase security, device 400′ (through its own onboard secure app)may request, require and confirm the adoption of secure ephemeralcommunications capability on a device 400 prior to establishing a dataconnection. This can be done, again, with different levels of securityprotocol and complexity, including everything through a simple softwareacknowledgement from secure app 442 (implicit verification of ephemeralcapability) on device 400, all the way through allowing device 400′ tocoordinate with such app to control a hardware operation and write/readdata directly at step 540 from ephemeral memory 410 on device 400 toconfirm explicit verification of ephemeral treatment of data on suchdevice. For example, a standardized test message (or packet) from device400′ can be written and read from device 410 (or onboard ephemeralmemory 430) in an operation 540, and then checked again (at steps 550,56) by remote device 400′ to confirm that such message is no longerreadable. Other verification variants to confirm proper treatment ofephemeral tagged data will be apparent to those skilled in the art.

In some applications a processor may have built-in direct addresscapability, or an internal bus and DMA architecture can be implementedin hardware so that it is possible to route directly from an interface(not shown) of latches and/or buffers in a communications port (FIG. 4480) through device interface 420 and stored in ephemeral memory 416 (oronboard) in an operation 540 without also requiring storage in a generalsystem DRAM. In other words, an operating system may be enable directread/write of packets to an ephemeral memory 416 (or onboard), bypassinglocal storage and further reducing data traces/footprints. For otherapplications, a secondary ephemeral channel may be set up as shown instep 555 (through secondary communications device 418—FIG. 4) todirectly receive Rx packet data and thus bypass device 400 entirely.Other schemes that can reduce the possibility and presence of permanentdata on device 400 will be apparent to skilled artisans.

In a variant of this first mode, a user configuration may designate inan operation 570 that data created and transmitted by device 400 to asecondary device 400′ also be stored and destroyed locally after it isused. As alluded to above, as part of communications operations device400 can further specify and/or tag any specific data item (text, image,audio, video, etc.) sent to device 400′ to be treated as ephemeral data.The ephemeral treatment parameter can be specified as part of the datastructure for each data item as shown in step 515 (i.e. as part of thefile, or part of each packet) or simply specified at the beginning of adata session (as part of a handshaking operation) to apply to everyaspect of such session. It will be understood that other similar schemesmay be employed as well.

In a second OTA mode, which is more comprehensive, additional data fromother applications is also preferably subjected to ephemeral treatment.That is, ephemeralness is effectuated at step 585 by controlledmigration and re-write of user data from other applications on aperiodic or episodic basis in an operation 540 to ephemeral memory. Toachieve this task, user data can be tagged with an ephemeral parameterin memories 430, 440 by an originating app (from which the data comes)or from a secure app 442 after it is invoked at step 520. It will beunderstood, of course, that a secure app must be given access rights byan operating system or the respective apps to perform such modificationof the underlying data. Again, in some applications such app may beintegrated and operating continuously as part of an operating systemhousekeeping procedure.

Alternatively device 400 may be configured such that any and all loadedand executing app data is first passed through or screened by secure app442, which in turn then controls all write-read operations in accordancewith a specified ephemeral parameter specified for such data from suchapplication.

The ephemeral parameter specified at step 515 may be time based, orevent based, where an event may be as simple as requiring that the databe moved in an operation 540 prior to being read. Thus when anapplication on device 410 attempts to read such data in a conventionaldevice memory 430, 400, it is first stored by secure app 442 toephemeral memory 416 in an ephemeral operation 540.

In another variant of step 515 an event may be a number (N) accesses ofthe data associated with a read count access parameter. After such Naccesses or uses, data tagged with such expired ephemeral parameter ismoved to ephemeral memory where it can be read one last time and thendestroyed permanently. Other event-based limitations will be apparent toskilled artisans.

A time based parameter specified for a particular application at step515 preferably causes data to be moved automatically from memories 430,440 to an ephemeral memory 416 in response to detecting that a specifiedtime has been reached. This may be varied from application toapplication, so that text data from an email app may be permitted tostay on device 410 longer than image data from an image sharing app. Anyor all of such parameters may be specified by a user during step 520. Inaddition users may be alerted to such time based data migration events,either before or after to inform them of the ephemeral treatment of datafor a specific application.

Both time and event based OTA parameters can be specified as part of aconfiguration of a data session between two devices 400 and 400,′ oridentified as part each file, or each communicated packet. A user ofdevice 400 or 400′ for example may specify that a particular data item(an image) should only be retained by an OTA memory for a period of timeT (minutes, hours, days, etc.), or only for a certain number of accesses(reads). After such period of time, or after such numbers of accesses,the sender's data is automatically deleted in accordance with theirspecification, whether it has been read or not by a recipient-user ofdevice 400. This mode may be desirable where a sender wants to ensurethat his/her data is irretrievably destroyed after a few minutes ofsending to avoid potential situation where the recipient loses device410 or forgets to check received data.

The hard/physical ephemeral parameters attendant to such data areenforced through conventional erase and/or read/erase operations ondevice 410. Thus, device 410 may support multiple types of accessoperations, i.e., both read/erase and {read, erase} as separateoperations. These operations in turn may be software activated (bytimers/event minders within an app or firmware operating on devices 400,410) or enforced by scheduling timers (or access counters) at thehardware level of an ephemeral controller 414. Note that in someinstances to effectuate such behavior, an artificial shadow/ghost readoperation step 550 (or other housekeeping operation) may be implementedin which the data is destroyed while read from device 416 even beforethe recipient has actually perceived it because a timeout parameter hasexpired.

A user may further optionally request at step 515 that the secure appmove or migrate data from smartphone 400 to ephemeral memory 416 inresponse to some other predetermined event, such as an identifieddocking between device 400 and drive 410. The external device 410 mayinclude a visual indicator to inform a user of such synching operations,and indicate such on a display of device 400. Synching operations arewell-known in the art, and can be employed with variants of the presentinvention to facilitate ephemeral memory behavior.

In other instances another application on the device such as a nativecamera app, or a user game app, or a communications app, invokes secureapp 510 during or at the end of a data session to migrate data offdevice 400 to drive 410 during operation 585. Subsequent to suchoperation, a third party app (or the secure app) may perform anadditional secure erase or cleanup operation at step 588 to ensure thatthere is no remaining data retrievable from device 400. This can beachieved in different ways on different devices with varying levels ofsecurity. For example iOS devices include a feature dedicated to securedata erasure called Effaceable Storage. This feature accesses theunderlying storage technology (for example, NAND) to directly addressand erase a small number of blocks at a very low level. While this isonly the keys, not the data itself, it still allows for some measure ofprotection. Similar cleanup procedures could be implemented in otheroperating systems.

Finally, as seen in step 555, in a third OTA mode a user may furtherspecify that any and all received/transmitted data be routed through anephemeral channel, which is separate from other communication channelson device 400 so that preferably (at least) no received data (andpreferably no transmitted data) is ever stored in permanent form on suchdevice. Such data may be coded at the packet level, again, withephemeral headers. This affords a form of proxy behavior, where the OTAdevice supplants a host device's communications/storage facility. Thisephemeral channel preferably supports and incorporates some or all ofthe available protocols conventionally supported by a typical portabledevice but can be limited as needed based on cost and performancerequirements. For example, it may include only basic WiFi capability. Insuch embodiments, after a secure data connection is configured andestablished, data from device 400′ is received directly bycommunications chip 418 so as to bypass device 400 entirely. Thereceived data is then destroyed while (or after) it is read by one ormore apps on device 400 as described above.

For each mode, as shown in FIG. 5, the operation 550 of reading datafrom ephemeral memory causes it to be physically and irretrievablyerased during operation 560. As noted above, additional memory bufferingcan be employed to prevent loss of data from power glitches and thelike.

The ephemeral operation of device 500 may continue until a securesession is terminated as seen at step 590. As seen above a data“session” may be set up and constitute the duration of a communicationsexchange between two devices 400, 400.′ Alternatively device 400 may beplaced into a secure session mode until an un-docking event is detected,until an application closes, and so on. Other examples will be apparentto those skilled in the art from the present teachings.

While shown in the context of an OTA (one time access) memory device, itwill be understood that the hardware configuration of FIG. 4 andoperations set out in FIG. 5 may be employed with other ephemeral memorytypes such as disclosed in Ser. No. 14/857,275 by the present inventorswhich is also hereby incorporated by reference.

Furthermore while shown in connection with a portable device 400, itwill be understood that ephemeral memory 410 may be coupled to otherconventional computing devices, including desktop computers, laptops,etc. to secure communications and user data. In instances where itincludes direct communication capability, a USB based implementation inthe form of a dongle, or other peripheral, may affect a securecommunications link (for example through encrypted WiFi) and act as asecure proxy to prevent a host computer from being subjected toundesired received data. In other applications it may operate as anauthorized media ephemeral streaming recorder as noted above, to permitadditional control over content distribution.

In addition, while operations in FIG. 5 are shown as occurring incertain locations or within certain devices, it will be understood bythose skilled in the art that such functions may be distributed betweensuch devices. In other words, a reading operation (such as step 550) mayinvolve more than one routine executing on more than one device. Theparticular configuration is expected to vary from application toapplication and device to device.

The configuration of ephemeral memory device 410 may be performed with acombination of hardware and software configurations. For example, device410 may be hardwired to a particular operational mode, so that data isdestroyed while or during reading (i.e. as part of a hybrid destructiveread operation), or immediately after reading (as part of a secondfollowup operation). In other applications such capability can be thesubject of user configurations or options to permit flexible securitymanagement. In other applications such device 410 may be configurable topermit storage exclusively through a secondary channel 418, or onlythrough interface 412, or through both, and so on. Other variants willbe apparent to those skilled in the art.

As seen in FIG. 5, password protection, and encryption and decryptionmay be employed as well along with the present invention to increasesecurity and privacy. Moreover as explained earlier, ephemeralparameters may be steganographically embedded within a data item (forexample, an audio file, a video file, etc.) to make them less detectableand circumvented. It will be understood by those skilled in the art ofcourse that no system can be completely foolproof, but it is expectedthat embodiments of the present invention will yield superiortechnological advantages over the prior art for protecting user data andimparting ephemeral qualities to such.

As seen above, preferably, data can be subjected to ephemeral treatmenton a packet by packet basis, file by file basis, application basis,session basis, etc. Other logical constructs of data objects and dataitems can be tagged as well. This treatment can be incorporated within aprotocol and part of a handshaking procedure in communications betweentwo devices. This ensures that selected sensitive data is only storedinto some form of ephemeral memory (OTA cells or even a basic DRAMbuffer), and is prohibited from storage in non-ephemeral storage media.

It is expected that businesses will also benefit from embodiments of theinvention, particularly when employees use personal mobile phones toconduct their work. By incorporating an ephemeral memory (either onboardor as part of a dedicated peripheral) and related business applicationsthat imposes ephemeral treatment on employee data, businesses can beassured that applications used by their employees do not compromisebusiness secrets and other confidential information that might bereceived on an otherwise unsecure employee phone. Because a conventionalphone may be configured to never store non-ephemeral data, it can beused longer without worry of data loss.

For example, an individual image file from a user using a particularapplication can be tagged to include an ephemeral header withaccompanying parameters. The ephemeral header may be incorporated withinthe data item itself using well known watermarking and/or steganographictechniques. In other applications an ephemeral header is coded anddecoded for each ephemeral data packet that is created and/or received.For other applications, ephemeral treatment can be specified for any andall data items created or used during a data session, or at all times bya particular application, and so on. Other personal or business relatedrules can be imposed and devised to increase security and privacy.

Accordingly an ephemeral data item preferably is coded to include bothephemeral data and an ephemeral tag or ephemeral header with fields andparameters such as shown in Table 2:

TABLE 2 Field Description Values Ephemeral Is the item to be treatedPreferably binary as Data? as ephemeral data designated by creator orrecipient Where In which environments is data sufficient to specify itemto be treated as host, recipient, all, etc. ephemeral Scope Whichapplications data sufficient to specify should treat as ephemeral whichapplications (all, individually, etc.) Type What kind of ephemeral Erasewhile read (OTA) treatment to be enforced Erase after read (OTA)Slow/fade erase Channel Where can the item be restrict to ephemeralrestriction stored? memory only channel or permit temporary storage onrecipient device Time Based? Is the item to be treated Preferably binaryas ephemeral for a finite time Time Value When does ephemeral futuredate/time data, or treatment expire from date of creation (mins, hours,days, etc.) Data Should the item be Preferably binary Expiration?destroyed at a particular time Expires Time at which ephemeral futuredate/time data, or when data is destroyed by from date of creationdevice I Buffer? Whether data packets can Preferably binary be bufferedby an application Buffer size Maximum size of data sufficient toidentify allowable buffer for buffer size in non- ephemeral dataephemeral memory Event Is data to be treated as Preferably binary Based?ephemeral based on particular event? Trigger Which events trigger datasufficient to specify: # Event ephemeral treatment? read accesses ofdata item, Identification communicating the data item, docking betweentwo devices, use by particular applications, etc.

Again it should be noted that the ephemeral header field data may not benecessary in applications where it is incorporated already as aprerequisite to establishing a communications session, and a defaulttreatment is imposed in which all data is so treated is built into aparticular protocol variant. It will be appreciated by persons skilledin the art that the content of FIGS. 4 and 5, along with theaccompanying description, including the explanation of the set up of theephemeral data treatment, are more than sufficient and adequate todefine the structure of suitable algorithms, code and routines and theirdata structures to effectuate such functions within the devices asdescribed. In addition, contemporary device apps are typicallyconstructed from building blocks/modules of third party code inconventional developer libraries which can be accessed to perform thefunctions identified. The identity, arrangement and/or modification ofsuch modules—and their structural arrangement as embodied in computerreadable code form—will be apparent to skilled artisans from the presentteachings. Accordingly, unless otherwise explicitly expressed in theaccompanying claims in the literally prescribed statutory format, orduring the course of examination of the present application, Applicantsdo not invoke or intend 35 U.S.C. § 112 paragraph 6 (or its lateradopted derivatives) for purposes of construing the claims.

Embodiments of the invention afford more secure end-to-end securecommunications through OTA modality at every communications point. Inother words, at device 400′ a user may create an image captured by acamera and tag it as ephemeral (along with other parameters). Acommunications app on such device (not shown) “reads” such data from anOTA storage memory, causing it now to be automatically and irretrievablyremoved from device 400.′ Such data, even if cached or buffered by anetwork or server 490, is then also removed from a communicationspipeline during a read/transmission operation to device 400. After auser consumes/perceives such image on device 400, it is similarlyphysically erased. Accordingly, by adopting and enforcing OTA behaviorat every data access node, secure ephemeral communications can beimplemented to permit more private, secure correspondence. As little orno data is ever permanently stored anywhere, the possibility of conflictwith legal authorities (to retrieve user data) is reduced as well as thedata never takes root in any location—or at a minimum, not in any areascontrolled by the user of device 400. As such, the embodiments enableand implement a form of data-based “right to be forgotten” integrated aspart of a communications session at a controllable granular level. Whatis claimed is:

1. A portable peripheral computing device adapted to secure data for anapplication executing on a separate mobile device comprising: aninterface on the portable peripheral computing device which is adaptedto communicate data between the portable peripheral computing device anda high speed port on the separate mobile device; an ephemeral memory onthe portable peripheral computing device which is adapted to storeephemeral data based on a security designation provided by the separatemobile device; an ephemeral memory controller circuit on the portablecomputing device adapted to write and read said ephemeral data to andfrom the ephemeral memory based on security parameters provided by theseparate mobile device application; the ephemeral memory controller onthe portable peripheral computing device being adapted to effectuate atleast two (2) separate data erase modes, including: 1) a first erasemode in which first ephemeral data in the ephemeral memory is deleted ona bulk basis based on a dedicated erase operation; 2) a second erasemode in which second ephemeral data in the ephemeral memory isautomatically deleted on a byte or bit basis as part of a read accessoperation made to such ephemeral data; wherein said second erase modealters an original physical charge state of cells storing such secondephemeral data, and such that an original value of said second ephemeraldata is unreadable.
 2. The device of claim 1 wherein the separate mobiledevice is a smartphone.
 3. The device of claim 1 wherein the device isadapted to support a mobile smartphone application implementing a securecommunications channel in which no received data from a second mobilesmartphone is stored in a non-volatile memory of the separate mobilesmartphone.
 4. The device of claim 2 wherein said second erase mode canbe selected and invoked selectively on an item by item basis by saidsecond mobile smartphone.
 5. The device of claim 2 wherein a securesession is initiated automatically in response to a docking eventbetween the separate mobile smartphone and the portable peripheralcomputing device.
 6. The device of claim 1 wherein the controller isalso adapted to automatically erase said ephemeral data from the devicebased on said set of ephemeral parameters, including in response to anyor all of: a) a read access; b) a time expiration; c) a predeterminedevent relating to said ephemeral non-volatile memory device.
 7. Thedevice of claim 2 wherein the separate communications channel isconfigured to only use DRAM on the separate mobile smartphone forbuffering and temporary storage of data.
 8. The device of claim 1wherein the ephemeral memory on the portable peripheral computing deviceis configured to store encryption keys and encrypted data for acommunications session established by the mobile smartphone application.9. The device of claim 1 wherein said interface on the portableperipheral computing device supports a USB protocol.
 10. The device ofclaim 1 wherein only the ephemeral memory on the portable peripheralcomputing device stores data for a communications session established bythe mobile smartphone application between the separate mobile smartphoneand a second mobile smartphone.
 11. The device of claim 1 furtherincluding a communications interface on the portable peripheralcomputing device adapted to set up a secure data channel under controlof the mobile smartphone application between the separate mobilesmartphone and a second mobile smartphone, such that all receivedcommunications data is first passed through the portable peripheralcomputing device.
 12. The device of claim 1 wherein the cells are partof an array of flash memory cells using floating gates for storingelectrical charge representing a data state.
 13. The device of claim 1wherein the cells are part of an array of phase change memory cells forstoring a data state.
 14. The device of claim 1 wherein ephemeral memorydata erased in the second mode includes actual content for messages aswell as encryption keys for such content.
 15. The device of claim 1wherein the ephemeral memory controller circuit is adapted to write andread a standardized test message from said ephemeral memory undercontrol of the separate mobile smartphone application and issue aconfirmation to a separate mobile smartphone that such message is nolonger readable.
 16. The device of claim 1 wherein the separate mobilesmartphone application is adapted to read and migrate user data fromother applications executing on the separate mobile smartphone to saidephemeral memory.
 17. The device of claim 1, wherein the separate mobilesmartphone application is configured to migrate the other applicationdata on a periodic basis.
 18. The device of claim 1 wherein the separatemobile smartphone application is adapted to read and migrate user datafrom other applications executing on the separate mobile smartphone tosaid ephemeral memory in response to detecting a docking operation withthe portable peripheral computing device.